spec/features/users_auth_spec.rb
require 'rails_helper'
feature 'Users' do
context 'Regular authentication' do
context 'Sign up' do
# Registration happy path: submit the sign-up form, then confirm the address
# before the account is reported as confirmed.
# Currently skipped (xscenario), so this flow is not exercised by the suite.
xscenario 'Success' do
  message = "You have been sent a message containing a verification link. Please click on this link to activate your account."
  form_values = {
    'user_username' => 'Manuela Carmena',
    'user_email' => 'manuela@consul.dev',
    'user_password' => 'judgementday',
    'user_password_confirmation' => 'judgementday'
  }

  visit '/'
  click_link 'Register'
  form_values.each { |field, value| fill_in field, with: value }
  check 'user_terms_of_service'
  click_button 'Register'
  expect(page).to have_content message

  # confirm_email is a helper defined outside this file.
  confirm_email
  expect(page).to have_content "Your account has been confirmed."
end
# Submitting the registration form empty must surface the validation summary.
# error_message comes from a helper defined outside this file.
# Currently skipped (xscenario).
xscenario 'Errors on sign up' do
  visit '/'
  click_link 'Register'

  # No field is filled in before submitting.
  click_button 'Register'

  expect(page).to have_content(error_message)
end
end
context 'Sign in' do
# Password sign-in using the e-mail address as the login identifier.
# Currently skipped (xscenario).
xscenario 'sign in with email' do
  email = 'manuela@consul.dev'
  password = 'judgementday'
  create(:user, email: email, password: password)

  visit '/'
  click_link 'Sign in'
  fill_in 'user_login', with: email
  fill_in 'user_password', with: password
  click_button 'Enter'

  expect(page).to have_content 'You have been signed in successfully.'
end
# Password sign-in using the username as the login identifier. The username
# is deliberately non-ASCII.
# NOTE(review): the username literal looks mis-encoded in this listing; it is
# reproduced as-is. Confirm against the repository copy.
# Currently skipped (xscenario).
xscenario 'Sign in with username' do
  username = 'π»π½πΎπ€'
  password = 'xenomorph'
  create(:user, username: username, email: 'ash@nostromo.dev', password: password)

  visit '/'
  click_link 'Sign in'
  fill_in 'user_login', with: username
  fill_in 'user_password', with: password
  click_button 'Enter'

  expect(page).to have_content 'You have been signed in successfully.'
end
# Login-identifier ambiguity: one account's *username* is the same string as
# another account's *e-mail*. The scenario pins down that the shared string
# resolves to the e-mail owner, and that the other account's password is
# rejected when paired with it, so neither user can reach the other's account.
# Currently skipped (xscenario), so a regression here would go unnoticed.
xscenario 'Avoid username-email collisions' do
  shared_login = 'peter@nyc.dev'
  email_owner = create(:user, username: 'Spidey', email: shared_login, password: 'greatpower')
  username_owner = create(:user, username: shared_login, email: 'venom@nyc.dev', password: 'symbiote')

  # Fills and submits the sign-in form that is already on screen.
  submit_credentials = lambda do |login, password|
    fill_in 'user_login', with: login
    fill_in 'user_password', with: password
    click_button 'Enter'
  end

  # The shared string plus the e-mail owner's password signs in the e-mail owner.
  visit '/'
  click_link 'Sign in'
  submit_credentials.call(shared_login, 'greatpower')
  expect(page).to have_content 'You have been signed in successfully.'
  visit account_path
  expect(page).to have_link 'My activity', href: user_path(email_owner)

  visit '/'
  click_link 'Sign out'
  expect(page).to have_content 'You have been signed out successfully.'

  # The shared string plus the username owner's password must be refused.
  click_link 'Sign in'
  submit_credentials.call(shared_login, 'symbiote')
  expect(page).not_to have_content 'You have been signed in successfully.'
  expect(page).to have_content 'Invalid login or password.'

  # The username owner can still get in through their own e-mail address.
  submit_credentials.call('venom@nyc.dev', 'symbiote')
  expect(page).to have_content 'You have been signed in successfully.'
  visit account_path
  expect(page).to have_link 'My activity', href: user_path(username_owner)
end
end
end
context 'OAuth authentication' do
context 'Twitter' do
# Mocked OmniAuth payloads for the same Twitter identity (uid 12345). They
# differ only in how much the provider says about the e-mail address.

# No e-mail at all.
let(:twitter_hash) do
  {
    provider: 'twitter',
    uid: '12345',
    info: { name: 'manuela' }
  }
end

# An e-mail without a `verified` flag.
let(:twitter_hash_with_email) do
  {
    provider: 'twitter',
    uid: '12345',
    info: { name: 'manuela', email: 'manuelacarmena@example.com' }
  }
end

# An e-mail the provider marks as verified.
let(:twitter_hash_with_verified_email) do
  {
    provider: 'twitter',
    uid: '12345',
    info: { name: 'manuela', email: 'manuelacarmena@example.com', verified: '1' }
  }
end
# When the provider marks the e-mail as verified, sign-up completes at once:
# the visitor is signed in with no confirmation step and the account carries
# the provider's name and e-mail.
# NOTE(review): mocks registered with add_mock stay in OmniAuth.config until
# reset; confirm the suite clears them between examples.
# Currently skipped (xscenario).
xscenario 'Sign up when Oauth provider has a verified email' do
  OmniAuth.config.add_mock(:twitter, twitter_hash_with_verified_email)

  visit '/'
  click_link 'Register'
  click_link 'Sign up with Twitter'
  expect_to_be_signed_in

  click_link 'My account'
  expect(page).to have_field('account_username', with: 'manuela')

  visit edit_user_registration_path
  expect(page).to have_field('user_email', with: 'manuelacarmena@example.com')
end
# An e-mail the provider reports without a `verified` flag is not trusted.
# The visitor is sent to the sign-in page with a confirmation notice, and a
# Twitter sign-in succeeds only after the address has been confirmed.
# Currently skipped (xscenario).
xscenario 'Sign up when Oauth provider has an unverified email' do
  confirmation_notice = "To continue, please click on the confirmation link that we have sent you via email"
  provider_email = 'manuelacarmena@example.com'
  OmniAuth.config.add_mock(:twitter, twitter_hash_with_email)

  visit '/'
  click_link 'Register'
  click_link 'Sign up with Twitter'

  # Not signed in yet: back on the sign-in page until the address is confirmed.
  expect(page).to have_current_path(new_user_session_path)
  expect(page).to have_content confirmation_notice

  confirm_email
  expect(page).to have_content "Your account has been confirmed"

  visit '/'
  click_link 'Sign in'
  click_link 'Sign in with Twitter'
  expect_to_be_signed_in

  click_link 'My account'
  expect(page).to have_field('account_username', with: 'manuela')

  visit edit_user_registration_path
  expect(page).to have_field('user_email', with: provider_email)
end
# The provider supplies no e-mail: the visitor must type one on the
# finish-signup form, and that address has to be confirmed before a Twitter
# sign-in is accepted.
# Currently skipped (xscenario).
xscenario 'Sign up, when no email was provided by OAuth provider' do
  confirmation_notice = "To continue, please click on the confirmation link that we have sent you via email"
  typed_email = 'manueladelascarmenas@example.com'
  OmniAuth.config.add_mock(:twitter, twitter_hash)

  visit '/'
  click_link 'Register'
  click_link 'Sign up with Twitter'
  expect(page).to have_current_path(finish_signup_path)

  fill_in 'user_email', with: typed_email
  click_button 'Register'
  expect(page).to have_content confirmation_notice

  confirm_email
  expect(page).to have_content "Your account has been confirmed"

  visit '/'
  click_link 'Sign in'
  click_link 'Sign in with Twitter'
  expect_to_be_signed_in

  click_link 'My account'
  expect(page).to have_field('account_username', with: 'manuela')

  visit edit_user_registration_path
  expect(page).to have_field('user_email', with: typed_email)
end
# Abandoning the finish-signup form must not leave a signed-in session.
# Currently skipped (xscenario).
xscenario 'Cancelling signup' do
  OmniAuth.config.add_mock(:twitter, twitter_hash)

  visit '/'
  click_link 'Register'
  click_link 'Sign up with Twitter'
  expect(page).to have_current_path(finish_signup_path)

  click_link 'Cancel login'

  # Reload the home page and check that no session survived the cancellation.
  visit '/'
  expect_to_not_be_signed_in
end
# A returning OAuth user is matched through the stored identity record
# (provider + uid), not through the e-mail: the mocked payload has no e-mail,
# yet the visitor lands in the account linked to uid 12345.
# Currently skipped (xscenario).
xscenario 'Sign in, user was already signed up with OAuth' do
  existing_user = create(:user, email: 'manuela@consul.dev', password: 'judgementday')
  create(:identity, uid: '12345', provider: 'twitter', user: existing_user)
  OmniAuth.config.add_mock(:twitter, twitter_hash)

  visit '/'
  click_link 'Sign in'
  click_link 'Sign in with Twitter'
  expect_to_be_signed_in

  click_link 'My account'
  expect(page).to have_field('account_username', with: existing_user.username)

  visit edit_user_registration_path
  expect(page).to have_field('user_email', with: existing_user.email)
end
# Username collision: the provider's name is already taken by a local account.
# The visitor is not attached to that account. They are sent to the
# finish-signup form and must pick a different username before being signed in.
# Currently skipped (xscenario).
xscenario 'Try to register with the username of an already existing user' do
  taken_username = 'manuela'
  create(:user, username: taken_username, email: 'manuela@consul.dev', password: 'judgementday')
  OmniAuth.config.add_mock(:twitter, twitter_hash_with_verified_email)

  visit '/'
  click_link 'Register'
  click_link 'Sign up with Twitter'
  expect(page).to have_current_path(finish_signup_path)
  expect(page).to have_field('user_username', with: taken_username)

  # Submitting the taken name unchanged leaves the visitor on the signup step.
  click_button 'Register'
  expect(page).to have_current_path(do_finish_signup_path)

  fill_in 'user_username', with: 'manuela2'
  click_button 'Register'
  expect_to_be_signed_in

  click_link 'My account'
  expect(page).to have_field('account_username', with: 'manuela2')

  visit edit_user_registration_path
  expect(page).to have_field('user_email', with: 'manuelacarmena@example.com')
end
# E-mail collision, provider sent no address: typing an address that already
# belongs to another account is refused (the visitor stays on the signup
# step). A different address is accepted, but only after confirmation.
# NOTE(review): nothing here asserts that the pre-existing 'peter' account is
# left unchanged; consider checking that explicitly.
# Currently skipped (xscenario).
xscenario 'Try to register with the email of an already existing user, when no email was provided by oauth' do
  confirmation_notice = "To continue, please click on the confirmation link that we have sent you via email"
  taken_email = 'manuela@example.com'
  free_email = 'somethingelse@example.com'
  create(:user, username: 'peter', email: taken_email)
  OmniAuth.config.add_mock(:twitter, twitter_hash)

  visit '/'
  click_link 'Register'
  click_link 'Sign up with Twitter'
  expect(page).to have_current_path(finish_signup_path)

  # The address owned by another account is rejected.
  fill_in 'user_email', with: taken_email
  click_button 'Register'
  expect(page).to have_current_path(do_finish_signup_path)

  fill_in 'user_email', with: free_email
  click_button 'Register'
  expect(page).to have_content confirmation_notice

  confirm_email
  expect(page).to have_content "Your account has been confirmed"

  visit '/'
  click_link 'Sign in'
  click_link 'Sign in with Twitter'
  expect_to_be_signed_in

  click_link 'My account'
  expect(page).to have_field('account_username', with: 'manuela')

  visit edit_user_registration_path
  expect(page).to have_field('user_email', with: free_email)
end
# E-mail collision, provider sent an *unverified* address that already belongs
# to a local account. The OAuth visitor is not signed into that account. They
# reach the finish-signup form (pre-filled with the provider's address) and
# end up with a separate account under a different, confirmed address.
# NOTE(review): nothing here asserts that the pre-existing 'peter' account is
# left unchanged; consider checking that explicitly.
# Currently skipped (xscenario), so this account-linking rule is not under test.
xscenario 'Try to register with the email of an already existing user, when an unconfirmed email was provided by oauth' do
  confirmation_notice = "To continue, please click on the confirmation link that we have sent you via email"
  provider_email = 'manuelacarmena@example.com'
  replacement_email = 'somethingelse@example.com'
  create(:user, username: 'peter', email: provider_email)
  OmniAuth.config.add_mock(:twitter, twitter_hash_with_email)

  visit '/'
  click_link 'Register'
  click_link 'Sign up with Twitter'
  expect(page).to have_current_path(finish_signup_path)
  expect(page).to have_field('user_email', with: provider_email)

  fill_in 'user_email', with: replacement_email
  click_button 'Register'
  expect(page).to have_content confirmation_notice

  confirm_email
  expect(page).to have_content "Your account has been confirmed"

  visit '/'
  click_link 'Sign in'
  click_link 'Sign in with Twitter'
  expect_to_be_signed_in

  click_link 'My account'
  expect(page).to have_field('account_username', with: 'manuela')

  visit edit_user_registration_path
  expect(page).to have_field('user_email', with: replacement_email)
end
end
end
# Signing out ends the session and shows the confirmation flash.
# Currently skipped (xscenario).
xscenario 'Sign out' do
  # login_as establishes the session directly instead of using the form.
  login_as(create(:user))

  visit "/"
  click_link 'Sign out'

  expect(page).to have_content 'You have been signed out successfully.'
end
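# Password reset through the e-mailed token: request instructions, read the
# token from the delivered mail, then set a new password with it.
# NOTE(review): the scenario does not check that the token is refused on a
# second use, nor that the new password actually signs the user in.
# Currently skipped (xscenario).
xscenario 'Reset password' do
  email = 'manuela@consul.dev'
  create(:user, email: email)

  visit '/'
  click_link 'Sign in'
  click_link 'Forgotten your password?'
  fill_in 'user_email', with: email
  click_button 'Send instructions'

  expect(page).to have_content "In a few minutes, you will receive an email containing instructions on resetting your password."

  # Fail with a readable expectation, not a NoMethodError on nil, if no mail
  # was delivered or the mail carries no reset link.
  reset_mail = ActionMailer::Base.deliveries.last
  expect(reset_mail).not_to be_nil

  # Stop the capture at the first quote, ampersand or whitespace so markup
  # that follows the link on the same line never ends up inside the token.
  sent_token = reset_mail.body.to_s[/reset_password_token=([^"&\s]+)/, 1]
  expect(sent_token).not_to be_nil

  visit edit_user_password_path(reset_password_token: sent_token)
  fill_in 'user_password', with: 'new password'
  fill_in 'user_password_confirmation', with: 'new password'
  click_button 'Change my password'

  expect(page).to have_content "Your password has been changed successfully."
end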
# TODO i18n : broken because of test locale change
# An administrator whose password was last changed a year ago is stopped at
# the expired-password form and can continue only after choosing a new one.
# Skipped (xscenario) per the TODO above, so admin password expiry is not
# enforced by an active test.
xscenario 'Sign in, admin with password expired' do
  stale_since = Time.current - 1.year
  new_password = '123456789'
  admin = create(:administrator, user: create(:user, password_changed_at: stale_since))

  login_as(admin.user)
  visit root_path
  expect(page).to have_content "Your password is expired"

  # NOTE(review): relies on the factory's default password, which is not
  # visible here. Other scenarios in this file spell it 'judgementday';
  # confirm which spelling the factory uses.
  fill_in 'user_current_password', with: 'judgmentday'
  fill_in 'user_password', with: new_password
  fill_in 'user_password_confirmation', with: new_password
  click_button 'Change your password'

  expect(page).to have_content "Password successfully updated"
end
# Lower-bound check for admin password expiry: a password changed 360 days ago
# must not trigger the expiry prompt.
# NOTE(review): the threshold itself is configured outside this file; the
# sibling scenarios use 1.year as the expired case.
scenario 'Sign in, admin without password expired' do
  recent_enough = Time.current - 360.days
  admin = create(:administrator, user: create(:user, password_changed_at: recent_enough))

  login_as(admin.user)
  visit root_path

  expect(page).not_to have_content "Your password is expired"
end
# Password expiry is expected to apply to administrators only: a regular user
# whose password is a year old sees no expiry prompt.
scenario 'Sign in, user with password expired' do
  stale_since = Time.current - 1.year
  regular_user = create(:user, password_changed_at: stale_since)

  login_as(regular_user)
  visit root_path

  expect(page).not_to have_content "Your password is expired"
end
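# TODO i18n : broken because of test locale change
# Password-reuse rule on the expired-password form: an administrator with an
# expired password must not be able to "change" it to the value it already has.
# Skipped (xscenario) per the TODO above.
xscenario 'Admin with password expired trying to use same password' do
  current_password = '123456789'
  user = create(:user, password_changed_at: Time.current - 1.year, password: current_password)
  admin = create(:administrator, user: user)

  login_as(admin.user)
  visit root_path
  expect(page).to have_content "Your password is expired"

  # Enter the account's real current password so that reuse is the only thing
  # wrong with the submission. A mismatched value here could be rejected for
  # that reason and hide whether the reuse rule fired.
  fill_in 'user_current_password', with: current_password
  fill_in 'user_password', with: current_password
  fill_in 'user_password_confirmation', with: current_password
  click_button 'Change your password'

  expect(page).to have_content "must be different than the current password."
end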
end